Re: [openssl-users] FW: Visual Studio compiler error for WinCE since OpenSSL version 1.0.1k
On 21/11/2016 19:52, Eichenberger, John wrote:

> I am building both OpenSSL and WPA Supplicant for use on a Windows Mobile 6.5 platform. The WPA Supplicant version in use is based upon the hostap_2_0 tag from http://w1.fi/hostap.git. The version of OpenSSL that we have been using until now is based upon the OpenSSL_1_0_1g from https://github.com/openssl/openssl
>
> I can upgrade to OpenSSL_1_0_1j and still succeed. But when I merge changes from OpenSSL_1_0_1k, all 802.1x authentication fails. I narrowed this problem down to a single line in crypto/constant_time_locl.h. Attached is the patch set that I applied to resolve this issue for me.
>
> It is a confusing issue because I can compile that same bit of code in Visual Studio within a different trivial application and see that although the two methods for that bit of code produce slightly different assembly language, both should produce the same result. And for that trivial application they do! So why this difference breaks authentication for me when it is all thrown together makes no sense.
>
> In my patch set you can see that I also changed what compiler switches are used for the WinCE target. That change did not appear to fix or break anything.

I presume you are building for the ARM architecture since you didn't specify. Have you checked if reverting to the old compiler switches makes 1.0.1k work properly (even though it didn't break 1.0.1j)?

The entire thing looks like a compiler bug in handling the expression used in 1.0.1k?

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Disabling Client-Initiated TLS renegotiation
Hi,

As part of securing our web interfaces, we wanted to disable client-initiated TLS renegotiation. The reasoning for this requirement is as follows:

Generally, renegotiation of TLS sessions is much more resource-intensive for the server than the client, and should therefore not be performed at will to avoid degrading performance. Disabling client from renegotiating secures the server from undergoing a DoS attack due to continuous renegotiation requests.

I see that there is an option SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, but that is to secure the renegotiation, not disable it. I wanted to check if there is a patch or flag available to disable any negotiation initiated from the client side.

Thanks and Regards,
Sashank
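An added example, not part of the original message or of OpenSSL: the handshake-counting check that servers built on OpenSSL 1.0.x can run from an info callback to spot a renegotiation the server did not request. The `reneg_guard` struct, the function names and the event trace are hypothetical; the trace is constructed, and only the two event-bit values are taken from `<openssl/ssl.h>`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Event bits with the values of SSL_CB_HANDSHAKE_START / _DONE in <openssl/ssl.h>. */
#define HS_START 0x10
#define HS_DONE  0x20

/* Hypothetical per-connection state (would be attached to the SSL object). */
struct reneg_guard {
    bool handshaked;        /* initial handshake has completed */
    bool server_requested;  /* the server itself called SSL_renegotiate() */
    bool must_close;        /* peer began a handshake the server did not ask for */
};

/* Logic for an SSL_CTX_set_info_callback() handler; `where` is its event mask. */
void reneg_guard_event(struct reneg_guard *g, int where)
{
    if ((where & HS_START) && g->handshaked && !g->server_requested)
        g->must_close = true;            /* client-initiated renegotiation */
    if (where & HS_DONE) {
        g->handshaked = true;
        g->server_requested = false;     /* the permitted handshake is over */
    }
}

/* Replays an event trace; `server_req_at` is the index of the event before which
 * the server requests renegotiation itself (-1: never). True means drop the peer. */
bool reneg_guard_replay(const int *ev, size_t n, int server_req_at)
{
    struct reneg_guard g = { false, false, false };
    for (size_t i = 0; i < n; i++) {
        if ((int)i == server_req_at)
            g.server_requested = true;
        reneg_guard_event(&g, ev[i]);
    }
    return g.must_close;
}

/* Constructed trace: the initial handshake followed by a second one. */
const int TRACE_RENEG[] = { HS_START, HS_DONE, HS_START, HS_DONE };

int main(void)
{
    printf("initial only:     close=%d\n", reneg_guard_replay(TRACE_RENEG, 2, -1));
    printf("client-initiated: close=%d\n", reneg_guard_replay(TRACE_RENEG, 4, -1));
    printf("server-initiated: close=%d\n", reneg_guard_replay(TRACE_RENEG, 4, 2));
    return 0;
}
```

In a real server the I/O loop checks `must_close` after each `SSL_read()` and closes the connection when it is set. OpenSSL 1.1.0h and later provide `SSL_OP_NO_RENEGOTIATION`, which makes this bookkeeping unnecessary.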
Re: [openssl-users] FW: Visual Studio compiler error for WinCE since OpenSSL version 1.0.1k
Possibly. I haven't scoped it any further than the fact that it fails for my build, which happens to use VS 2008. I am ill equipped to swap in different compiler versions and try again.

-Ike-
John Eichenberger
Intermec by Honeywell
Principal Engineer: Sustaining Engineering
425.921.4507

-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Salz, Rich
Sent: Monday, November 21, 2016 1:38 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] FW: Visual Studio compiler error for WinCE since OpenSSL version 1.0.1k

Shouldn't you check for VS 2008 as well as MSC_VER ?
Re: [openssl-users] FW: Visual Studio compiler error for WinCE since OpenSSL version 1.0.1k
Shouldn't you check for VS 2008 as well as MSC_VER ?
[openssl-users] FW: Visual Studio compiler error for WinCE since OpenSSL version 1.0.1k
I am building both OpenSSL and WPA Supplicant for use on a Windows Mobile 6.5 platform. The WPA Supplicant version in use is based upon the hostap_2_0 tag from http://w1.fi/hostap.git. The version of OpenSSL that we have been using until now is based upon the OpenSSL_1_0_1g from https://github.com/openssl/openssl

I can upgrade to OpenSSL_1_0_1j and still succeed. But when I merge changes from OpenSSL_1_0_1k, all 802.1x authentication fails. I narrowed this problem down to a single line in crypto/constant_time_locl.h. Attached is the patch set that I applied to resolve this issue for me.

It is a confusing issue because I can compile that same bit of code in Visual Studio within a different trivial application and see that although the two methods for that bit of code produce slightly different assembly language, both should produce the same result. And for that trivial application they do! So why this difference breaks authentication for me when it is all thrown together makes no sense.

In my patch set you can see that I also changed what compiler switches are used for the WinCE target. That change did not appear to fix or break anything.

-Ike-
John Eichenberger
Intermec by Honeywell
Principal Engineer: Sustaining Engineering
425.921.4507

Attachment: 0001-Avoid-the-VS-2008-compiler-bug-that-breaks-1.0.1k-th.patch
Re: [openssl-users] What is the purpose of util/mkdef.pl
If you add your own function, you need to run ‘make update’ which calls mkdef. It is needed for the build procedure.